Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6992

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6992
Last Modified 19 Aug 2009 12:00:00
Published 19 Aug 2009 01:24:52
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6992

Summary

GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

Vulnerable Systems

Application

  • Greensql Firewall 0.3.4

  • Greensql Firewall 0.3.5

  • Greensql Firewall 0.8.2

  • Greensql Firewall 0.8.3


References

MISC - http://www.greensql.net/node/98

MISC - http://www.greensql.net/node/89

CONFIRM - http://www.greensql.net/security

MISC - http://sla.ckers.org/forum/read.php?16,24367

OSVDB - 48910

MISC - http://bugs.mysql.com/bug.php?id=39337


Last Updated: 27 May 2016 10:49:25